Usage Scenarios

From Linux-VServer

For many people, a virtual server may look like a great toy: very high geekness factor. It looks cool, but probably not for everyone. Wrong!

The primary goal of this project is to create virtual servers sharing the same machine. A virtual server operates like a normal Linux server. It runs normal services such as ssh, mail, web and database servers.

Consolidation and Separation

As hardware evolves, it is tempting to put more and more tasks on one server. Though Linux could handle it reliably, at some point you end up with so much stuff, and so many people fiddling in the same box, that you worry about updating things. Additionally, separating different or similar services that would otherwise interfere with each other, either because they are poorly designed or because they are simply incapable of peaceful coexistence for whatever reason, may often be complex or even impossible.

The Linux-VServer project addresses this issue. The same box is able to run multiple virtual servers and each one does the job it is supposed to do. If you need to upgrade to PHP 5 for a given project, you can do so, and only that one project is affected.

Also, you can give the root password of a virtual server to the administrator of that virtual server, who will then be able to perform updates, restart services and so on without having to know about every other project hosted on the same server. This allows a clever provider to sell Virtual Private Servers, which use fewer resources than other virtualization techniques, which in turn allows more units to be put on a single machine.

The list of providers doing so is relatively long, and so this is rightfully considered the main area of application. See VServer Hosting for a (probably incomplete) list of companies providing Virtual Private Servers based on the Linux-VServer technology.

Enhancing Security

While it can be interesting to run several virtual servers in one box, there is one concept potentially more generally useful. Imagine a physical server running a single virtual server. The goal is to isolate the main environment from any service and any network. You boot in the main environment, start very few services and then continue in the virtual server.

The services in the main environment would be:

Unreachable from the network.

Able to log messages from the virtual server in a secure way. The virtual server would be unable to change or erase the logs. Even a cracked virtual server would not be able to edit the log.

Able to run intrusion detection facilities, potentially spying on the state of the virtual server without being accessible or noticed. For example, tripwire could run there and it would be impossible to circumvent its operation or trick it.
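
A minimal host-side integrity check in the spirit of the tripwire item above, as an added example that is not part of the original page or of the Linux-VServer tools. It assumes the guest's root is an ordinary directory visible from the host; the function names are hypothetical, and the walk never follows symlinks because their targets are chosen by the guest.

```python
import hashlib
import os
import stat


def _sha256(path):
    # O_NOFOLLOW: fail rather than follow if the guest swapped in a symlink
    # between the lstat() below and this open().
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)
    digest = hashlib.sha256()
    with os.fdopen(fd, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()


def snapshot(guest_root):
    """Fingerprint every entry below guest_root, keyed by relative path.

    Meant to run in the host environment, which the guest cannot reach.
    """
    entries = {}
    for dirpath, dirnames, filenames in os.walk(guest_root, followlinks=False):
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, guest_root)
            st = os.lstat(full)  # lstat: describe the link, not its target
            mode = stat.S_IMODE(st.st_mode)
            if stat.S_ISLNK(st.st_mode):
                # Record where the link points; never read through it.
                entries[rel] = ("link", mode, os.readlink(full))
            elif stat.S_ISREG(st.st_mode):
                entries[rel] = ("file", mode, _sha256(full))
            else:
                kind = "dir" if stat.S_ISDIR(st.st_mode) else "special"
                entries[rel] = (kind, mode, "")
    return entries


def compare(baseline, current):
    """Return sorted lists of added, removed and changed relative paths."""
    common = set(baseline) & set(current)
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "changed": sorted(p for p in common if baseline[p] != current[p]),
    }
```

Keep the baseline returned by `snapshot` somewhere outside the guest's directory tree, so that a compromised guest cannot rewrite it.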

Another option is to put the firewall in a virtual server, and pull in the DMZ, containing each service in a separate VPS. With proper configuration, this setup can drastically reduce the number of required machines without impacting performance.

Resource Independence

Since virtual servers are only guests on the hardware they are using, they are not aware of the specifics: they do not contain disk configurations, kernels or network configurations.

One key feature of a virtual server is the independence from the actual hardware. Most hardware issues are irrelevant for a virtual server installation.

The main server acts as a host and takes care of all the details. The virtual server is just a client and ignores all the details. As such, the client can be moved to another physical server with very few manipulations.

For example, to move the virtual server from one physical computer to another, it is sufficient to do the following:

shut down the running server

copy it over to the other machine

copy the configuration

start the virtual server on the new machine

No adjustments to user setup, password database or hardware configuration are required, as long as both machines are binary compatible.

Thus, once you have found that a project is using more resources than expected, you can easily move it to another box without tinkering around in hardware configuration files. A virtual server is just a directory on the filesystem of the host system.

Fail-over Scenarios

Pushing the limit a little further, replication technology could be used to keep an up-to-the-minute copy of the filesystem of a running virtual server. This would permit a very fast fail-over if the running server goes offline for whatever reason.

All the known methods to accomplish this, from network replication via rsync or DRBD, through network devices or shared disk arrays, to distributed filesystems, can be utilized to reduce downtime and improve overall efficiency.

Experimenting and Upgrading

If you intend to upgrade a system to get new features or security updates, you probably first test the new packages on the development machine before you are ready to update the production server. Having some experience, you do it properly:

Do a backup of the server

Perform all the upgrades and install the new applications

Two hours later you realise that something does not work as expected. To make it worse, it works fine on the development machine. We have all experienced this.

Another solution to this problem would be to install the new production server on new hardware, but this is not as easy, as you have to clone the first server (most people are not comfortable doing this) or you do not have the hardware.

Using virtual servers, all this is very easy:

Stop the virtual server in production

Make a copy of the virtual server

Perform the upgrades in the new virtual server

To get back to our example above, two hours later you realise that something does not work as expected and you cannot immediately fix it.

Again, using virtual servers, the (temporary) solution to this problem is very easy:

Stop the new virtual server and assign it a new IP address

Start both the old and new virtual server

Now the old one is still online and you can track down the issues on your new virtual server using a different IP address, fix the problem and reassign the old IP address to the new virtual server.

Distribution Independence

People are often talking about their preferred distribution. Should one use Fedora, Debian or something else? Should one give a spin to the latest and greatest distribution just for the sake of it?

With virtual servers, the choice of a distribution is less important. When you select a distribution, you expect it will do the following:

Good hardware support/detection

Good package technology/updates

Good package selection

Reliable packages

The choice is important because every service running on a box will be using the same distribution. Most distributions out there are good and reliable. Still, each one has its peculiarities and probably flaws. For example, one distribution is doing a great job on security but is not delivering the latest and greatest PHP. Now, because you have decided to use this distribution for some projects, using virtual servers does not prevent you from using another distribution for other projects or even a second virtual server for existing projects.

Other considerations

Virtual Private Servers are running on the same kernel as the host: Unlike other VM solutions, Linux-VServer does not require additional memory or processing power; in fact, it may even reduce used memory, because multiple virtual servers may share the same files.

There are no special daemons running: A VPS running crond, sshd, httpd and sendmail uses the same resources as a normal Linux server running these services.

No pre-allocated disk space needed: A VPS generally shares the disk space with the host system, so there is no need to pre-allocate disk space for each virtual server only to find out later that your disk is full, yet each VPS is using only a tiny portion of its allocated space.

Resource sharing: Since virtual servers can share binaries and libraries without interfering, a second VPS generally costs about 40-100MB of disk space only. Most of this space is a copy of the packaging database.

32-/64-bit independence: You can easily run a 32-bit distribution inside a VPS on a 64-bit host system, but faster, sometimes a lot.

Admin tools work inside a vserver as usual: A vserver feels like a real server from within and can be used in the same ways.